Ransomware Groups Exploit Citrix Vulnerability

Posted on July 2, 2026 By CWS

Cybersecurity experts have identified ransomware groups, notably Anubis, exploiting a critical vulnerability known as Citrix Bleed 2 (CVE-2025-5777) for initial system access. This flaw allows attackers to bypass authentication on Citrix NetScaler systems configured as Gateways, posing a significant threat to various sectors.

Understanding the Anubis Ransomware Operation

Anubis, a rebranded entity of the former Sphinx ransomware group, surfaced in late 2024 and gained notoriety in early 2025. The group operates on a Ransomware-as-a-Service (RaaS) model, enticing affiliates with lucrative profit-sharing schemes while deploying sophisticated data-wiping tactics to ensure ransom payments.

In a recent report, Arctic Wolf highlighted Anubis’s strategy of using legitimate remote access tools to mask their activities within normal IT operations. Such tools include ScreenConnect, Zoho Assist, and others, which facilitate lateral movement and maintain control over compromised systems.

Exploiting Vulnerabilities and Credential Theft

In addition to exploiting Citrix Bleed 2, Anubis affiliates utilize valid VPN credentials obtained from various sources, including initial access brokers and credential stuffing attacks. This approach has been observed across multiple sectors, particularly in the U.S., U.K., and other major economies.

Further analysis revealed that attackers use RDP and PsExec for lateral movement within networks, and deploy additional remote management tools to sustain their presence and exfiltrate data. They also disable security features to thwart detection and complicate forensic investigations.
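A defender can hunt for the combination described above (unsanctioned remote access tools together with RDP and PsExec lateral movement) by correlating signals per host. The following is an added example, not code from the article or from Arctic Wolf; the event records are constructed, and the path substrings, approved-tool list and jump-host address are assumptions to replace with values from your own environment.

```python
from collections import defaultdict

# Assumed path substrings for the tools the article names; verify against your software inventory.
RMM_PATTERNS = {"screenconnect": "ScreenConnect", "zoho": "Zoho Assist"}
APPROVED_RMM = {"ScreenConnect"}   # hypothetical: the one tool IT has sanctioned
JUMP_HOSTS = {"10.0.0.5"}          # hypothetical: sanctioned RDP source addresses

# Constructed sample events in simplified Windows event form (not real telemetry).
EVENTS = [
    {"host": "FS01", "id": 4624, "logon_type": 10, "src_ip": "10.0.3.44"},
    {"host": "FS01", "id": 7045, "service": "PSEXESVC"},
    {"host": "FS01", "id": 4688, "image": r"C:\ProgramData\Zoho\agent.exe"},
    {"host": "WS12", "id": 4688,
     "image": r"C:\Program Files (x86)\ScreenConnect Client\ScreenConnect.ClientService.exe"},
    {"host": "WS12", "id": 4624, "logon_type": 10, "src_ip": "10.0.0.5"},
    {"host": "DB02", "id": 4624, "logon_type": 3, "src_ip": "10.0.3.44"},
]

def classify(event):
    """Return a signal name for one event, or None if it is not of interest."""
    if event["id"] == 4624 and event.get("logon_type") == 10:
        # LogonType 10 is RemoteInteractive (RDP); sanctioned sources are ignored.
        return None if event["src_ip"] in JUMP_HOSTS else "rdp_from_unapproved_source"
    if event["id"] == 7045 and event.get("service", "").upper() == "PSEXESVC":
        # 7045 is a service install; PSEXESVC is PsExec's default service name.
        return "psexec_service_installed"
    if event["id"] == 4688:
        # 4688 is process creation; match the image path against known tool names.
        image = event.get("image", "").lower()
        for needle, tool in RMM_PATTERNS.items():
            if needle in image and tool not in APPROVED_RMM:
                return "unapproved_remote_access_tool"
    return None

def hosts_to_triage(events, min_signals=2):
    """Group signals per host and keep hosts with at least min_signals distinct ones."""
    signals = defaultdict(set)
    for event in events:
        signal = classify(event)
        if signal:
            signals[event["host"]].add(signal)
    return {h: sorted(s) for h, s in signals.items() if len(s) >= min_signals}

if __name__ == "__main__":
    for host, found in hosts_to_triage(EVENTS).items():
        print(host, found)
```

Requiring two or more distinct signals on the same host keeps routine administrator use of any single tool out of the triage queue.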

Emerging Threats and Strategic Partnerships

In parallel developments, the ransomware landscape is witnessing collaborations such as that between VECT and TeamPCP, announced in early 2026. This partnership leverages supply chain attack-driven credential theft, amplifying the efficiency of ransomware deployment.

Recent findings expose flaws in VECT’s encryption mechanisms, leading to data destruction rather than encryption for files exceeding certain sizes. Despite these setbacks, the strategic alliance signifies a shift towards more industrialized forms of cybercrime, lowering barriers for malicious actors.

The use of zero-day vulnerabilities, as demonstrated by The Gentlemen RaaS group, further exemplifies the evolving threat landscape. By exploiting weak credentials and vulnerable drivers, they achieve kernel-level access, disabling advanced security measures and enhancing their attack capabilities.

As ransomware tactics grow increasingly sophisticated, organizations must fortify their defenses against these persistent threats. Continuous monitoring, patch management, and employee training are crucial components in mitigating the risks posed by such cybersecurity adversaries.

The Hacker News Tags: Anubis, BYOVD, Citrix vulnerability, cloud security, credential theft, Cybersecurity, data theft, enterprise protection, IT security, RaaS, Ransomware, remote access, supply chain attacks, Threat Actors, zero-day exploits
